Put a Bow on It

Ansible Rollouts on Kubernetes

Ansible also has an option for rolling out applications on Kubernetes in next to no time. The kubernetes.core collection,

ansible-galaxy collection install kubernetes.core

provides all the modules you need. The standard k8s module simply bundles the Kubernetes YAML declaration (as a YML file type) of a resource directly into the Ansible code. You can adopt your existing Kubernetes YML files into your playbooks with virtually no changes.

The example rolls out Ansible AWX on a Kubernetes installation. The playbook requires you to be logged in to your Kubernetes cluster for this to work. The way you log in depends on the authentication service you choose for your Kubernetes version. In our lab, I used a MicroShift installation and was authenticated by kubeconfig:

export KUBECONFIG=/<path>/kubeconfig

Also, you need to have set up and started the AWX operator on the Kubernetes installation. The process is described online [1] and requires only a few steps. The playbook starts in the usual way,

- hosts: localhost
   connection: local
   gather_facts: False

and then declares the variables. Because this example has only four variables, I have not separated them out into a separate YML file:

vars:
   awx_name: awx01
   awx_ns: awx
   awx_port: 30080
   base_url: kube.mynet.ip

The AWX installation awx01 can be reached later from the URL http://kube.mynet.ip:30080 . If you use OpenShift or MicroShift, you can also create a route to enable access from http://awx01.kube.mykier.ip (Listing 6). In line with this, the operator will create a pod with PostgreSQL, assign a persistent volume to it, and build another pod with the four AWX containers. The service directs the nodeport into the application. In an OpenShift or MicroShift setup, you can also create the route (Listing 7).

- name: Install AWX
   kubernetes.core.k8s:
      state: present
      definition:
         apiVersion: awx.ansible.com/v1beta1
         kind: AWX
         metadata:
            name: "{{ awx_name }}"
            namespace: "{{ awx_ns }}"
         image: "{{ app_image }}"
            image: service_type: nodeport
            nodeport_port: "{{ awx_port }}"

- name: AWX-route
   kubernetes.core.k8s:
      state: present
      definition:
         kind: Route
         apiVersion: route.openshift.io/v1
         metadata:
            name: "{{ awx_name }}-route"
            namespace: "{{ awx_ns }}"
         spec:
            host: "{{ awx_name }}.{{ base_url }}"
            to:
               kind: Service
               name: "{{ awx_name }}-service"
            port:
               targetPort: http
            wildcardPolicy: None

The operator generates a random password for the admin account and stores it in a secret. Ansible can read this with the k8s_info module and use it later. In the example, I only output the password on the command line so that the user can log in (Listing 8). However, you could also set up the AWX instance automatically with the controller configuration roles [2] of existing YML files (by exporting another AWX, tower, or controller instance) directly after the rollout.

- name: Get Secret
   kubernetes.core.k8s_info:
      apiVersion: v1
      kind: Secret
      name: "{{ awx_name }}-admin-pa,ssword"
      namespace: "{{ awx_ns }}"
   register: awx_secret
- name: AWX Password
   debug:
      msg: "Password: {{ awx_secret.resources[0].data.password | b64decode }}"

Conclusions

Cloud rollouts with Ansible work even better with containerized environments than with traditional VM environments. The playbooks are simpler and run far faster. With Kubernetes or Podman, they skip the tedious steps for a VM setup followed by an operating system configuration and application setup. With the help of Nginx, Podman can do for small environments or edge operations what Kubernetes does for large environments. As an automation tool, Ansible works with any platform.